Enzo Biochem, a prominent biotech company, has reached a significant settlement, agreeing to pay $4.5 million to the states of New York, New Jersey, and Connecticut. The settlement follows a ransomware attack in April 2023 that exposed sensitive diagnostic and personal data of nearly 2.5 million people.
The announcement came from the attorneys general of the states involved, following Enzo Biochem’s report of the breach to federal authorities. A thorough investigation, primarily led by the New York Office of the Attorney General, found that the breach was enabled through the use of two employee login credentials. These credentials were shared among five employees, and one set had not been updated in over ten years. The lack of multi-factor authentication for email access further increased the company’s exposure to such cyberattacks.
In light of the settlement, Enzo Biochem has pledged to enhance its cybersecurity measures. This includes adopting multi-factor authentication for all employee accounts and revising existing security policies. The company is also set to conduct regular risk assessments and develop a detailed incident response plan.
The settlement highlights the essential need for stringent data security, particularly in the healthcare industry. New York Attorney General Letitia James pointed out the serious risks that patients face when their personal and health information is vulnerable to theft due to inadequate security measures. The state of New York, which had the highest number of individuals affected by the breach, will receive the largest portion of the settlement funds.
This case acts as a sobering reminder of the severe repercussions that can arise from insufficient data protection practices and the constant vigilance required to combat the ever-changing landscape of cyber threats.
